What are the Meltdown and Spectre vulnerabilities?
Meltdown and Spectre refer to recently discovered vulnerabilities that leave devices susceptible to having personal information such as passwords, private keys, or other information stolen. Specifically, these bugs affect devices using Intel, AMD and ARM chips. These vulnerabilities affect just about every smartphone, laptop and desktop computer currently in use making it one of the most alarming information security issues in history.
Spectre and Meltdown are a reminder that anything cloud-based as well as anything on your PC, regardless of manufacturer or operating system, can be vulnerable, including cryptocurrency.
Quickly (and perhaps unfairly) being dubbed “Intel bugs”, Spectre and Meltdown enables attackers toexploit both programs and the system itself to reveal private data. While a lot of the news around Spectre and Meltdown focuses on individual computers, servers are also vulnerable to the bugs, which raises concerns for cloud-based cryptocurrency storage and exchange platforms.
Spectre and Meltdown risks to cryptocurrency wallets
Cryptocurrency holders are one of the many groups that have potential for serious damage if affected by the Spectre and Meltdown bugs. Most if not all cloud-based services such as exchanges or digital wallets are hosted on servers that are vulnerable to the Intel bugs. The potential reward for attackers is far greater if they are able to access dozens or thousands of wallets on the same server as opposed to individual wallets on a single computer. In the first week of January, many Bittrex wallets were taken offline while the exchange patched vulnerabilities in their servers. The ability to trade certain cryptocurrencies on other exchanges was also temporarily halted while patches were put in place.
Seeing that this is not only a concern for individuals who must protect themselves but also for trusted third parties like exchanges and online wallet providers should raise questions about the security of your own cryptocurrency holdings. There is also a secondary concern with the flaws beyond having wallet keys compromised. As these bugs are patched, many of the exchanges are paused or suspended, which can leave you without access to buy or sell certain cryptocurrencies through the online wallets that you may rely on.
Safehaven: cryptocurrency hardware wallets
Spectre and Meltdown are a reminder that anything cloud-based as well as anything on your PC, regardless of manufacturer or operating system, can be vulnerable, including cryptocurrency. Private keys can be stolen through online or desktop applications or even when stored in folders on a device that has been compromised. The best step that you can take to ensure the security of your cryptocurrency is to purchase a hardware wallet.
Hardware wallets like the Ledger Nano S, Trezor and KeepKey cannot be compromised by threats like the Intel bugs, or any other, similar attacks. They will keep your cryptocurrency private keys stored in an offline manner using their own embedded apps. And, the processors running on the hardware wallets mentioned aren’t subject to the Spectre and Meltdown vulnerabilities. This keeps any outside code from running on the device and keeps your cryptocurrency safe from code that may try to steal your information.
Additional steps you can take
Using a hardware wallet is going to be the biggest step that you can take to ensure that your Bitcoin, Ethereum or other alt coins stay safe. Beyond that, general best practices for cryptocurrency security include:
- Never share your private keys, wallet pin or 24 words
- Install only applications from the developer of your hardware wallet
- Purchase a trusted hardware wallet from a reputable and safe manufacturer such as Ledger or Satoshi Labs (TREZOR)
- Always verify the address where you are sending cryptocurrency
- Don’t store wallet, private key or passcode information in any locations on a desktop, laptop or mobile device that could be compromised
If you have any additional questions about the specifics of the Spectre and Meltdown flaws, or the security specifics of a hardware wallet, feel free to leave a comment below or send us an email.